Security News > 2021 > July > Kaseya warns of phishing campaign pushing fake security updates
Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.
"Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments," the company said in an alert issued on Thursday evening.
"Do not click on any links or download any attachments claiming to be a Kaseya advisory. Moving forward, Kaseya email updates will not contain any links or attachments."
As BleepingComputer first reported, Malwarebytes Threat Intelligence researchers have recently discovered a series of phishing attacks trying to take advantage of the ongoing Kaseya ransomware crisis.
"A malspam campaign is taking advantage of Kaseya VSA ransomware attack to drop CobaltStrike," Malwarebytes researchers said.
After the attack was disclosed, CISA and the FBI have shared guidance on how to deal with the attack's aftermath, and the White House National Security Council is urging victims to follow the guidance issued by Kaseya and report incidents to the FBI. However, despite the attack's massive reach, which has led to some calling the largest ransomware attack ever, multiple victims told BleepingComputer that their backups were not affected, and they are restoring systems rather than paying a ransom.